To replace a console certificate with a certificate by a third-party certificate authority (CA), you must generate a certificate signing request (CSR) and submit it to the CA. You may need to replace the console certificate for any of the following reasons:

Your network policy requires that you use certificates issues by another CA.

Your existing certificate is expired.

You submit a CSR to a CA to obtain a signed certificate. Use the Operations Console to generate a CSR.

Before you begin

You must be an Operations Console administrator.

Consult your CA to ensure that you have all of the required information for the CSR.

Subject Alternate Name. The Subject Alternate Name (SAN) allows you to protect multiple fully qualified domain names (FQDNs) with a single certificate. You can enter one or more FQDNs as comma-separated values, for example, authservices.corp.com,authexample.com. The default value is the FQDN used by the Authentication Manager administrative consoles.